Since it’s already Friday, just before leaving for the weekend, here is a quick hack for all MacOS X infosec guys… and the others! I’m not afraid to admit it: I’m lazy! We are using computers all day long and they have been created (usually 😉 to automate tasks. Let them do  our boring job…
One of the  recurring tasks I perform multiple times a day is scanning URLs for malicious code. We all read daily plenty of information which contains URLs (mail, PDFs, Office documents). Call me paranoid but I prefer to scan them before suffering an unexpected behavior just with a mouse click! I’m a fan of the online service called urlQuery for this task:
“urlQuery.net is a service for detecting and analyzing web-based malware. It provides detailed information about the activities a browser does while visiting a site and presents the information for further analysis.”
Submit your URL and a report will be generated with the complete analyze of the code and objects downloaded. Why not automate the submission of URLs to urlQuery?
OS X comes with nice tools to automate a lot of stuff. I recommand to have a look at Automator and AppleScript. They can be used to create personalized services which are available in any application via a righ-click and chosing “Services“.
Let’s create a new service called “Analyze with urlQuery“. Launch Automator:
- Select Library > Utilities > Run AppleScript
- Define the parameters:
Service receives selected: “URLs” in “any application”
Input is “only URLs” - Create the AppleScript below
- Save
The AppleScript is really simple: It opens a new tab in the first Google Chrome window, connect to urlquery.net, fill the form with the (malicious) URL and submit it!
on run {input, parameter}
set url0 to "http://urlquery.net"
set input0 to (input as string)
tell application "Google Chrome"
reopen
activate
tell window 1
make new tab with properties {URL:url0}
end tell
delay 2
end tell
tell application "Google Chrome" to activate
tell application "System Events"
keystroke input0
keystroke return
end tell
return input
end run
Once created, a new service will be available in your applications like Mail:
Simple and convenient! A big thank to @_coreDump for his precious help to fix my AppleScript code!
I got it working with Safari, not sure why Chrome was being stubborn. Here’s my code, I hardcoded http://urlquery.net but it can easily be a parameter like your code above shows, I was simply being lazy.
on run {input}
set input0 to (input as string)
tell application “Safari”
open location “http://urlquery.net”
activate
delay 4
tell application “System Events”
keystroke input0
keystroke return
end tell
return input
end tell
end run
Yeah, the page loads quickly, but selected URL is pasted in the address bar and not the URLQuery form itself. I’ll see if there’s a way to enforce the place the cursor inside the form on load with AppleScript; maybe it will work then.
Strange! Does the page loads (urlquery.net) loads quickly? There is a pause of 2″ before sending the URL to the browser.
It could be possible to implement a waiting loop to be sure that the Browser has successfully loaded the page.
The AppleScript doesn’t seem to work properly: instead of submitting the URL to the form on the page, it pastes the URL in Chrome’s address bar, making it look like:
http://urlquery.nethttp//blog.roorshell.be
which clearly doesn’t work. I haven’t figured out a way to make sure it’s submitted to the form on the page yet.
RT @xme: [/dev/random] Scanning Malicious URLs in One Mouse Click http://t.co/QSNXVrxk
RT @xme: [/dev/random] Scanning Malicious URLs in One Mouse Click http://t.co/QSNXVrxk
RT @xme: [/dev/random] Scanning Malicious URLs in One Mouse Click http://t.co/QSNXVrxk
@xme awesome thx for the share